[jira] [Commented] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled

[Steve Loughran (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201718#comment-16201718
 ] 

Steve Loughran commented on HADOOP-14935:
-----------------------------------------

bq.  Hmm, as part of another JIRA, someone should define FileSystem.access in 
the documentation and add contract tests.

I saw that, and yes. When I first did that FS spec I trying to pull out the 
tests from Swift while delving into the depths of HDFS to actually work out 
what went on. I'd avoided the security stuff as it was a lot of extra 
complexity & things were hard enough as it is. It's time, at least once we've 
finished output stream. 

Thinking of what it'd take, it'd be more complex than the others: we'd have to 
define abstract methods for subclasses to use to set up permissions. Though if 
setPermission() &c were all implemented, you'd have a consistent suite, albeit 
a complex one.



> Azure: POSIX permissions are taking effect in access() method even when 
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935-003.patch, HADOOP-14935.1.patch, 
> HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does 
> not override {{access(path,mode)}} method and uses the default implementation 
> from the base class. This base implementaion uses the POSIX permissions to 
> check if the requested user has access to given path or not even when 
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use 
> the authorization mechanism provided instead of relying on the POSIX 
> permission ons. So the proposal is to override {{FileSystem.access()}} method 
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism 
> configured in authorization enabled mode and falls back to POSIX permissions 
> otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org